Archives

InfoSec Issues

Everyday I’m shuffling

January 25, 2016

It’s always around this time of year that I realize that the previous year I swore that I was going to blog more in the upcoming year. I could say that there were countless reasons why this didn’t make it to the top of my priority list, but the reality is that I just prioritized other things above it time and time again. There was this time when I grabbed my coffee every morning and sat down at my desk and read through my favorite blogs to see what was going on. Then I would go onto Twitter and make sure I didn’t miss anything. This doesn’t happen anymore. I wish I could say that there was still tons of good information being blogged about, but the sources for my information also seemed to have reprioritized their blogging efforts.

 

So that leaves me with today, today is my quest to find out how to best aggregate the information that is important to know on a daily basis.hqdefault

Conferences, InfoSec Issues

Backup Buddies – BSidesLV | BlackHat | DefCon 2015

July 20, 2015

We are back for the 3rd year!!!!

Backup Buddies

Backup Buddies started in 2013 due to the great deal of attention paid to the treatment and incidents involving females at conferences. Instead of just addressing problems after the fact or talking about it, this is our call to action to address any potential issues and offering at least somewhat of a solution. This year, much like last, I’m SO THRILLED to say that many amazing members of the Black Hat / DEF CON community have jumped onboard to help as well to be the ‘eyes’ and ‘ears’ for anyone who needed a hand.

I truly love this community and the amazing experience that the conferences can be, and we all want to do our part to ensuring everyone (from industry to journalists and everyone in-between) has the most positive experience that they can. For the 2015 week of Security BSides + BlackHat + DEFCON,  a bunch of us are offering up our time and efforts to help. If you or someone you know, especially (but not only) female, who is new to the conferences or might need a friendly hand, give them this number:

+1-650-4-BACKUP

This has been setup to contact me via voice and text during the conference so if I’m not close by, I can pass it on to one of our trusted ‘Buddies’ that is close to the area to help assist people who find themselves uncomfortable, need a friend to talk to about something that happened, are in a situation that is turning bad that need some assistance, or need some first-time attendee guidance. Anyone who reaches out will have their information kept confidential and not shared unless the individual wishes for someone to speak on their behalf.

This number is not:

  • A party-info line. I can’t get you into parties.
  • A general conference information line. Google and conference staffs are there for you for general info.
  • A phishing expedition.
  • 1-900-CHATROOM.
  • “I just wanted to see what’s up”

This number is for situations such as:

  • I need help with or someone to talk to in confidence about an inappropriate situation that is developing or has occurred.
  • It’s my first conference and I feel absolutely alone or am having an absolutely horrid experience.

This line has been a positive experience, let’s keep the option open for those who may need it. Please don’t be “that guy/girl” who abuses the number or thinks it’s funny to crank call. Go crank call rooms at Bally’s instead 😉 .

If you are trusting, friendly, and want to help others, send an email to backups at secbarbie.com.

**PHONE NUMBER WILL GO LIVE MONDAY AFTERNOON AUGUST 3rd AND STAY ON-LINE UNTIL THE AUGUST 9TH

Conferences

Change the behavior, the environment doesn’t matter #RSAC

April 21, 2015

While volunteering at the HacKid Conference booth in the Cyber Security Safety Village yesterday I was approached by a #RSAC attendee from a major automotive company. Apparently he waited to talk to the other booth volunteer (which was male) first, but the other volunteer was discussing things with other people, so he had to come interact with me. He started out by asking me budget questions about HacKid and when I stated that he could email to get more information about those types of questions he abruptly stated that he needs to talk to somebody that actually knows something and walked off.

This type of behavior happens all of the time. So when we are discussing things like how vendors staff their exhibition booths or the types of outfits that people wear, or themes used, perhaps we should talk about the behavior of the attendees first. They need to treat people like people.

UPDATE:
To ensure my point is clear:

  • Yes, there will always be people who do not treat others with respect, even the minimum amount of respect.
  • I don’t believe that RSAC needed to take the actions they did, but I don’t disagree with them either if it makes people feel less alienated.
  • The ‘Booth Babe’s’ were always professional from what I witnessed, and they were subjected to a great deal of poor behavior from some attendees that was almost always embarrassing to even overhear.
  • I was personally treated in a rude and disrespectful fashion, but it didn’t overly offend me, I have posted this more as a statement about how we can all improve our behavior towards others especially when we have no idea who the person is that is the subject to such behavior.

 

Conferences, Foodie Stuff

Secgria – The SecBarbie Sangria

September 1, 2014


For those of you that wanted my Sangria Recipe from SecSocial/Urbane Affair this year in Vegas, here is the info… Ingredients are VERY important, don’t skimp on the wine or Pear Brandy, the rest you can substitute for generic if needed.

The Hardware:
1 Pitcher (or large vessel for containing the end-product)
Saucepan (for the Simple Syrup)
Cutting Board and knife (or however you plan to slice your fruit)
Glassware for the final product

The Software:
2 bottles Tempranillo or Roja
1 cup Pear Brandy (William’s Pear Brandy)
1/2 cup Triple Sec
1 cup Orange Juice
1 cup Pomegranate Juice
1/2 cup Simple Syrup (equal parts sugar and water, heated until sugar dissolves, cooled)
1 Orange Sliced up*
1 Apple Sliced up*
1 container of Blackberries*
1 container of Raspberries*

* You will want to grab extra fruit to put in the glasses!

Build Instructions:
DO THIS FIRST:
Simple Syrup:
Make your own Simple Syrup, it’s easy and it always tastes better than the store-bought stuff. Use qual parts sugar and water, heated until sugar dissolves, cooled. This takes about 5 minutes, so don’t walk away from it, bring it to a boil, stir often, and once it’s dissolved, put it aside and cool. For this recipe, make 1 cup of Simple Syrup and store the rest for delicious things such as Old-Fashions (I’ll post Zack’s Templeton Old Fashion recipe somewhere later).
Main:
Mix all ingredients together and let stand in a tightly sealed container or pitcher for at least 24 hours in the refrigerator before serving. I’ve let it sit for less time, but definitely not less than 4 hours, we tried that and it just didn’t taste as good.

I made this is large bulk, so if you need scaling information, just reach out (math is hard)!

Conferences, Gender Issues

DEFCON unLocked !

August 19, 2014

women computers geek hacking badges hack defcon hacking conference_www.wall321.com_92
To start by saying that I’m more than flattered to be involved with so many of the people that I grew up in this industry respecting and looking up to is not even the words.

Tomorrow, Wednesday, August 20th at 3:30PM Pacific

I will be participating in a Google hangout to help all people (especially people identifying as women) navigate the intimidating process of submitting a speaking proposal for Defcon 2015 among other hacker cons.

Check out how to participate as well as the ridiculous line up of people participating at @Tarah’s blog post:
#DefconUnlocked

General Blog

Privacy

August 12, 2014

Screen Shot 2014-08-12 at 11.42.58 AM

The only way to truly have privacy is to be less interesting. When nobody, no corporation, no entity cares about what you do, say, go, buy, are, etc… that is when you get your privacy. So to what extent has it ever really existed.
– The Introspective SecBarbie.

Conferences

BlackHat | DefCon 2014 – The SecBarbie Backup Buddies are BACK!

July 25, 2014

Buddies

We started this last year due to the great deal of attention paid to the treatment and incidents involving females at conferences. Instead of just addressing problems after the fact or talking about it, this was my attempted answer to speaking to potential issues and offering at least somewhat of a solution, and I’m SO THRILLED to say that many of my friends jumped onboard to help as well to be the ‘eyes’ and ‘ears’ for anyone who needed a hand.

I truly love this community and the amazing experience that the conferences can be, and we all want to do our part to ensuring everyone (from industry to journalists and everyone in-between) has the most positive experience that they can. For the 2014 week of BlackHat + DEFCON,  a bunch of us are offering up our time and efforts to help. If you or someone you know, especially (but not only) female, who is new to the conferences or might need a friendly hand, give them this number:

+1-650-4-BACKUP

This has been setup to contact me via voice and text during the conference so if I’m not close by, I can pass it on to one of our trusted ‘Buddies’ that is close to the area to help assist people who find themselves uncomfortable, need a friend to talk to about something that happened, are in a situation that is turning bad that need some assistance, or need some first-time attendee guidance. Anyone who reaches out will have their information kept confidential and not shared unless the individual wishes for someone to speak on their behalf.

This number is not:

  • A party-info line. I can’t get you into parties.
  • A general conference information line. Google and conference staffs are there for you for general info.
  • A phishing expedition.
  • 1-900-CHATROOM.
  • “I just wanted to see what’s up”

This number is for situations such as:

  • I need help with or someone to talk to in confidence about an inappropriate situation that is developing or has occurred.
  • It’s my first conference and I feel absolutely alone or am having an absolutely horrid experience.

This line was a positive experience last year, let’s keep the option open for those who may need it. Please don’t be “that guy/girl” who abuses the number or thinks it’s funny to crank call. Go crank call rooms at the Rio instead 😉 .

If you are trusting, friendly, and want to help others, send an email to backups at secbarbie.com.

**PHONE NUMBER WILL GO LIVE SUNDAY AFTERNOON AND STAY ON-LINE UNTIL THE AUGUST 10TH

Conferences, Gender Issues

“Fake Geek Girls”

July 25, 2014

I’m in the process of getting the blog back alive, but I couldn’t wait to share this with everyone, so please be patient when it comes to my other content getting back online soon.

I came across this video this morning and it’s alarmingly amazing! They are talking about ‘Fake Geek Girls’, but as our major ‘Security Summer Camp’ is approaching, it’s so appropriate that you can actually see the overlap to how some perceive females that attend InfoSec/Hacker conferences as well.

Some notable moments:

2:12 – Their take on Booth Babes (This one is really good, especially since it looks at the perspective of the actual ‘booth babes’ while poking fun)

5:40 – Credibility – Females vs Males <– THIS… SO THIS…

6:50 NICOLE SCHWARTZ!!! (HELL YEAH! They used a picture of @amazonv )

7:46 – SHOWER! (We all know this should be advised for all the guys and some of the stinky girls)

 

The link to YouTube: SWIW #3: “Fake Geek Girls” – Fact? Or Fiction?

 

Conferences, InfoSec Issues

DefCon Sunday – The Buddy Line Update

August 4, 2013

SecBarbieVegas2013As I sit and enjoy the Vegas morning, I am happy to report that the Buddy line has not been used to report an incident this entire week. Well, perhaps I’m not so happy, I’m hoping that things are going well for all and that incidents are not occurring and just not getting reported. One of the types of issues that I am personally trying to avoid by having the buddy line is having people feel they can’t report incidents due to repercussions, this is also intended to give victims a safer avenue for reporting.

I personally had my two negative experiences at DefCon this year I wanted to let others know that it happens to everyone. Luckily for me, they were not ‘attacks’ or anything of such. One incident was at the Friday night pub crawl, and was a drunken guy who nearly put me to the ground running straight through me for no apparent reason, I was left with bruises as well as drenched with my drink (for context as to time: it was only 11pm or so). This can be chalked up to party-foul, but was still not pleasant. The other incident was Saturday night and a lot closer to the heart.  I’m not ready to really address it in pubic yet, but the TL;DR is that I was publicly minimized by a person associated with a group of people that I consider good friends.

I would not normally air those incidents, or even think that much about them until this year and trying to imagine what it is like for someone who is attending for the first or second time. Luckily I have a great support system here in Vegas and I was able to vent a bit about this already, but for those that don’t have the system… the buddy line is still up!

I love you all InfoSec community, even the jackasses. I have faith we can do better.